Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.


GroupSense Ransomware Negotiation Services can get you through this.


Ransomware Attack


If you’re facing a ransomware or extortion threat, the time to contact us is right now.

GroupSense has the most experienced negotiators handling the fallout of ransomware attacks.

Ransomware Negotiators

Plan Now, Panic Later

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks. Get ransomware ready with our Ransomware Response Readiness Subscription (R3S). The R3S provides you with a fully planned solution to a ransomware attack before it becomes a problem.


Find Out More on the R3S 


When to call in Threat Actor Engagement?

Hint: Now.

If you’re facing a ransomware or extortion threat, the time to call us is right now. 
You can’t rewind the clock to yesterday - there’s never a better time to call in an experienced ransomware negotiator than right now. Whether you choose to pay the ransom or not, their specialized expertise is invaluable in helping you navigate this security crisis.
This is not a DIY project for your lawyers or CEO. Bring in the experts. We not only bring in expertise, we've also been very successful in negotiating both data destruction and cost savings. Expert ransomware negotiators have helped businesses like yours navigate these previously uncharted waters.

Early Warning

When there's a threat or breach, you'll be the first to know.



We take on the negotiation services allowing you to deal with your business operations.


Incident Response

We'll guide you and your security team's response to ensure you can deal with the threat properly and securely.


Public Relations

Our experts will help deal with the reputational backlash.



You'll have our full knowledge and experience at your disposal to deal with new ransomware incidents.



Automated and refreshed data on impending threats or risks of new cyber attacks. 


Hopefully you’re reading this before you’ve suffered a ransomware attack.

If you suspect your organization is a victim of a ransomware attack or know that you are, (perhaps you’ve already encountered a message from the cyber criminals), your first steps are:

  • Take a deep breath.
  • Try not to panic.
  • Do not answer the note before getting help.

The first of your many difficult decisions whether to pay the ransom or not. Knowing how to decide, act and move on is critical. You can read our ransomware negotiation guide to find out more.

Learn More


Extortion is Ransomware 2.0: The Tool of Choice

Ransomware is a quick and easy path to revenue for criminals. Unfortunately, ransomware isn’t always the first play in a criminal’s playbook. They usually have been in your network for a while and deploy ransomware after they’ve accessed all your data.

Attackers leverage ransomware to get your attention and get you to act on a deadline. Have a backup? They’ve overcome it and still they’ll post your data for all to see if they don’t get their money. Sometimes they expose your data without a ransomware attack, but the sight of locked-up computers and zero business going on means you have to act - NOW!

They might just forgo the ransomware and go straight to extortion.


Ransomware Negotiation is Not Incident Response


Our expert negotiators have extensive experience resolving ransomware attacks, including arranging the destruction of exfiltrated data to reduce the damage caused by dual ransomware/data theft attacks. 
We also provide comprehensive services for evaluating and confirming attacks, and conducting post-attack remediation activities including executive support at board meetings, legal counsel, coordinating with insurance companies, public relations messaging and execution, and communications with key stakeholders including investors, employees and customers.
  • Threat Evaluation

    Ransomware attacks need to be assessed for legitimacy. It is also important to identify the threat actor and develop a negotiation and mitigation strategy based on the threat actor’s history.

  • Threat Actor Engagement

    Threat actors may seem like faceless criminals – but they are human beings that can be constructively engaged so ransomware victims can verify the claims of the threat actor and build the needed trust and rapport for a positive outcome.

  • Ransomware Negotiation

    Novices are always at a disadvantage in negotiations with experienced professionals, and since most companies do not have access to experienced ransomware negotiators, threat actors usually have a decided advantage. GroupSense levels the playing field with experienced negotiators who can effectively reduce ransom demands and manage the cryptocurrency transaction once the negotiation is complete.

  • Post-transaction Services

    There are a number of activities that need to happen post-transaction to reduce the potential damage of the attack, including monitoring the threat actor to prevent a repeat attack, obtain access to any stolen data, and communicate with all necessary parties about the attack, including insurance companies.


Settle Out of Court.
Not the Best Case, But Your Best Option

If you’ve been hit with a frivolous lawsuit, there are times to settle out of court and get back to work. This may be one of those times. Using our client recovery services to get your data back is one of the simplest and best options.

Team of Teams

This is not a cyber security issue, it is a business issue. We know how to build your team because we’ve done it.

You need a team that has supported organizations facing their worst nightmares: 

  • Locked out from critical IT infrastructure, preventing the business from operating 
  • Sensitive data being stolen  
  • Extortion demands after a ransom has been paid





Deal with the Attacker

Everything you say or don’t say, the channels you use, and the timing and tone of your communications will all have a bearing on these proceedings. Structuring the deal, the money transfer, and the data recovery are critically important. Leverage the expertise of our ransomware negotiator to safely handle the attacker.


Criminals are skittish. They’re not big on trust. GroupSense has been involved in the dark web for years.
We’re known. We’re trusted.

Download the ransomware negotiation guide

Ransomware is Big Business

Criminals have not only expanded, but adopted new business models. They have service departments and quick response times. They are still, however, criminals out to steal your hard-earned money. Unfortunately, once you have been attacked and business is shut down, there’s very little you can do but negotiate.
Enterprises need to take a more sophisticated approach to ransomware – most victims wind up suffering far more damage than is necessary, whether by overpaying threat actors, incurring brand damage and compliance violations from online data dumps or spending extended periods of time with no access to their critical data.
Information Security Professional
Cyber Security Industry

Don't Fall For a Bad Deal

Use our ransomware negotiation services to get the best outcome for you in a tricky situation.